Ravens PHP Scripts

PHP Dir Submit Login SQL Injection Vulnerability
Date: Monday, May 25, 2009 @ 16:21:45 CEST
Topic: Security


SECUNIA ADVISORY ID: SA35125

VERIFY ADVISORY: http://secunia.com/advisories/35125/

Critical: Moderately Critical

DESCRIPTION: A vulnerability has been reported in PHP Dir Submit, which can be exploited by malicious people to conduct SQL injection attacks.



Input passed via the username and password when logging in to the administrator panel is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

SOLUTION: Restrict access to the administrator panel (e.g. via ".htaccess").

PROVIDED AND/OR DISCOVERED BY: Snakespc

ORIGINAL ADVISORY: http://milw0rm.com/exploits/8710






This article comes from Ravens PHP Scripts
http://www.ravenphpscripts.com

The URL for this story is:
http://www.ravenphpscripts.com/modules.php?name=News&file=article&sid=3611